Details of VAR-200110-0106

ID

VAR-200110-0106

CVE

CVE-2001-1280

TITLE

Ipswitch IMail Account Information Brute Force Vulnerability

Trust: 0.9

sources: BID: 3424 // CNNVD: CNNVD-200110-047

DESCRIPTION

POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP, etc. An issue exists in Ipswitch IMail server, which could allow an unauthorized user to gain knowledge of a legitimate username and brute force the password

Trust: 1.26

sources: NVD: CVE-2001-1280 // BID: 3424 // VULHUB: VHN-4085

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	7.0.4	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.6	Trust: 1.9
vendor:	ipswitch	model:	imail	scope:	eq	version:	6.0.2	Trust: 1.9

sources: BID: 3424 // CNNVD: CNNVD-200110-047 // NVD: CVE-2001-1280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1280
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200110-047
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4085
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1280
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4085
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4085 // CNNVD: CNNVD-200110-047 // NVD: CVE-2001-1280

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-047

TYPE

Design Error

Trust: 0.9

sources: BID: 3424 // CNNVD: CNNVD-200110-047

EXTERNAL IDS

db:	BID	id:	3424	Trust: 2.0
db:	NVD	id:	CVE-2001-1280	Trust: 2.0
db:	CNNVD	id:	CNNVD-200110-047	Trust: 0.7
db:	BUGTRAQ	id:	20011011 VULNERABILITIES IN IPSWITCH IMAIL SERVER 7.04	Trust: 0.6
db:	VULHUB	id:	VHN-4085	Trust: 0.1

sources: VULHUB: VHN-4085 // BID: 3424 // CNNVD: CNNVD-200110-047 // NVD: CVE-2001-1280

REFERENCES

url:	http://www.securityfocus.com/bid/3424	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html	Trust: 1.7
url:	http://www.ipswitch.com/support/imail/news.html	Trust: 1.7
url:	http://www.ipswitch.com/products/imail_server/index.html	Trust: 0.3
url:	http://ipswitch.com/support/imail/patch-upgrades.html	Trust: 0.3

sources: VULHUB: VHN-4085 // BID: 3424 // CNNVD: CNNVD-200110-047 // NVD: CVE-2001-1280

CREDITS

Discovered and posted to Bugtraq by Arne Vidstrom <arne.vidstrom@ntsecurity.nu> on Oct 11, 2001.

Trust: 0.9

sources: BID: 3424 // CNNVD: CNNVD-200110-047

SOURCES

db:	VULHUB	id:	VHN-4085
db:	BID	id:	3424
db:	CNNVD	id:	CNNVD-200110-047
db:	NVD	id:	CVE-2001-1280

LAST UPDATE DATE

2025-04-03T22:16:57.496000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4085	date:	2008-09-10T00:00:00
db:	BID	id:	3424	date:	2009-07-11T09:06:00
db:	CNNVD	id:	CNNVD-200110-047	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1280	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4085	date:	2001-10-12T00:00:00
db:	BID	id:	3424	date:	2001-10-12T00:00:00
db:	CNNVD	id:	CNNVD-200110-047	date:	2001-10-12T00:00:00
db:	NVD	id:	CVE-2001-1280	date:	2001-10-12T04:00:00